CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 6 Pull requests 4 Wiki Activity Actions

light(host): move to dns-01-acme-dns #79

Merged
bitwhisker merged 1 commit from acmedns_light into main 2026-04-11 04:37:31 +02:00
Conversation 0 Commits 1 Files changed 2 +25 -7
2 changed files with 25 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
inventories/z9/host_vars/light.sops.yaml
View file

@ -1,4 +1,7 @@
ansible_pull__age_private_key: ENC[AES256_GCM,data:VEGxr8C7RlEhyQhf+to/OrbfPPKkyL7iUU1yDXGAzmmPCQ4VftK71eiyN7OS6pG8J89Mj4Sy/dcY4SUX+rTl/q1csZMn9t4NBN8=,iv:JcrdyFLX5srZfRj9SA+RXf+CRZi5GEcApgyYsHoHTGE=,tag:xdJ4GmK3afZDkXmkrriStg==,type:str] ansible_pull__age_private_key: ENC[AES256_GCM,data:VEGxr8C7RlEhyQhf+to/OrbfPPKkyL7iUU1yDXGAzmmPCQ4VftK71eiyN7OS6pG8J89Mj4Sy/dcY4SUX+rTl/q1csZMn9t4NBN8=,iv:JcrdyFLX5srZfRj9SA+RXf+CRZi5GEcApgyYsHoHTGE=,tag:xdJ4GmK3afZDkXmkrriStg==,type:str]
secret__acme_dns_api_key_light_ccchh_net: ENC[AES256_GCM,data:SLUNVJQ4Nkos+tYH0l9ndJI8mrfZFC9i/qQqkcHgfLaNjL1tFuAFfQ==,iv:cc7DsiqzMlc2lh3D63cElMQcOeYT7oNxmRy7irSr9/s=,tag:dBnTAJXvgWlmq5vVGxrykw==,type:str]
secret__acme_dns_api_key_light_z9_ccchh_net: ENC[AES256_GCM,data:m6+Sk533qTRfhrwv7U2RydJh/j7KjJKHiEetyzgvJV1dgWXmE5AhYA==,iv:lAGv4vfxA+DQfwaHiDp3NMel0tjmZl96nKUAN8QGFe4=,tag:h0wM/F9E4dIy+NYLIVUpxg==,type:str]
secret__acme_dns_api_key_light_werkstatt_ccchh_net: ENC[AES256_GCM,data:zJ9hQo1jmQ5+d0oU+CD+cQh89HshPpguZCak7Nfjdb2bygUXJrEIIw==,iv:y+FSB/k5LixKJOm9egWsjhByQAdv7TfJHvv3job2oYg=,tag:CmuUqnCI3V/aOOUitzYT9Q==,type:str]
sops: sops:
age: age:
- recipient: age1llkxtfx4dgnezmukj4ganx4ql9k4ga4ca9zuanf5r568jfp8peeqal490q - recipient: age1llkxtfx4dgnezmukj4ganx4ql9k4ga4ca9zuanf5r568jfp8peeqal490q
@ -10,8 +13,8 @@ sops:
SHgzd0IvZjJBamZFcHczNm1FN1Q1TzAKDgId6bAykxsgXAeBWXd6Dyxiiyh0gIb/ SHgzd0IvZjJBamZFcHczNm1FN1Q1TzAKDgId6bAykxsgXAeBWXd6Dyxiiyh0gIb/
Q6MHNtagsA5OrUtc7xEInVt8CYT8czI/Lr9pHzmx5bQPlDf8NkW0lA== Q6MHNtagsA5OrUtc7xEInVt8CYT8czI/Lr9pHzmx5bQPlDf8NkW0lA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-30T18:56:30Z" lastmodified: "2026-04-11T01:24:10Z"
mac: ENC[AES256_GCM,data:XQJwF0MuaNoNssD3QvcDrlz+W7cccDdBaY82i6Qae7zBOQKlxLRJ7FteaDQEmQ7Yb1xBczpS+wBLgKNy5WbwIm8GELX1Hs91Y/SUguCnSualWhSVw9HW42T4oP9OEv2DC2aiJYHampSOgjmWgbPqawCU9xfsnP7RFGajQNNmRWU=,iv:O+A6tGFLhS4AVjLQ25eEjUfERPG2PnzgczZ0wczf7UY=,tag:yjFBjKtSE6vu9JMY9DQ0UA==,type:str] mac: ENC[AES256_GCM,data:D7qAgDZX8B0oNdZovHE74sSZI5X3qd8oDPHWl13Q2ohLnp9vJsFxrKntXxeeHASzQceDv2RQ1exwq7ZPor62sLFx+xO1Dc0Awpq1eoclDlHPyKlvT3pgkcB8IxDO/FuO+7hg/bJkmTHhbHTiHLGQDWN2sQev309Eka86lQyCzIQ=,iv:OBCobeUp+GwdDQhrNtTJhiRVMxRJafq5g1rhMoEFhjc=,tag:OSAWMn2NPZnVKcRX+eJf+Q==,type:str]
pgp: pgp:
- created_at: "2026-03-30T19:01:24Z" - created_at: "2026-03-30T19:01:24Z"
enc: |- enc: |-
@ -213,4 +216,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49 fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.12.2

23
inventories/z9/host_vars/light.yaml
View file

@ -60,9 +60,24 @@ nginx__configurations:
content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/http_handler.conf') }}" content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/http_handler.conf') }}"
certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains: certbot__certs:
- "light-werkstatt.ccchh.net" - commonName: "light.ccchh.net"
- "light.ccchh.net" challengeType: "dns-01-acme-dns"
- "light.z9.ccchh.net" dns_01_acme_dns:
subdomain: "e59f55ee-9013-469d-a146-a159721b6fea"
apiUser: "33e96ec7-1f98-4f70-92be-85a42dabd211"
apiKey: "{{ secret__acme_dns_api_key_light_ccchh_net }}"
- commonName: "light.z9.ccchh.net"
challengeType: "dns-01-acme-dns"
dns_01_acme_dns:
subdomain: "3bc9e7ce-03dd-4533-a059-b5d38407eaa5"
apiUser: "c3b00882-ca2a-4d11-9ebd-fccfb8618b75"
apiKey: "{{ secret__acme_dns_api_key_light_z9_ccchh_net }}"
- commonName: "light-werkstatt.ccchh.net"
challengeType: "dns-01-acme-dns"
dns_01_acme_dns:
subdomain: "f408acc0-d9f5-4525-bb01-28938e3bb7d0"
apiUser: "a030e419-6ed8-43ee-8425-a451b457f83a"
apiKey: "{{ secret__acme_dns_api_key_light_werkstatt_ccchh_net }}"
certbot__new_cert_commands: certbot__new_cert_commands:
- "systemctl reload nginx.service" - "systemctl reload nginx.service"